Data stolen from network infrastructure provider CommScope Holding Co. Inc. has been published on the dark web, the shady corner of the internet reachable through special software, following a successful ransomware attack.

The first anyone became aware that CommScope had been targeted was when the Vice Society ransomware gang published the stolen data on their dark web leaks site on April 14. CommScope has not made a public statement on the attack, but a company spokesperson told TechCrunch Monday that it had detected “unauthorized access to a portion of our IT infrastructure” that it “determined was the result of a ransomware incident” on March 27.

The CommScope spokesperson said the company had hired a third-party cybersecurity firm for a forensic investigation and had informed law enforcement, but it has not informed any customers or others who may have been affected because the company currently has no evidence that customer information was accessed.

SiliconANGLE viewed some of the files shared by Vice Society and, though an extensive study was not undertaken, the majority of the files seem to be internal documents, purchase orders, server logs and spreadsheets, some with personally identifiable information. The files were overwhelming in Spanish, not English, suggesting that the ransomware attack occurred in a Spanish-speaking country. One document found was a copy of a letter from the Office of the Director General of Education in Mexico. CommScope has multiple locations in Mexico.

Even if a CommScope site in Mexico was targeted, the story still has missing parts.

“It is unclear so far whether the breached company has paid the ransom or not, as the public exposure of stolen data is possible in both cases,” Dr. Ilia Kolochenko, information technology security company ImmuniWeb SA and a member of Europol Data Protection Experts Network, told SiliconANGLE. “Usually, paying a ransom – though being discouraged by law enforcement and potentially triggering legal ramifications in some jurisdictions – provides better chances to keep your compromised data private. However, cases are known when individual members of ransomware gangs have silently shared compromised data with their peers who eventually leaked the data, to the utmost surprise of the victims.”

Vice Society was previously in the news in December when it claimed responsibility for an attack on a U.K. Spar wholesaler. The ransomware group has also being linked to a ransomware attack that targeted Norway-based media company Amedia AS and an attack on California medical services provider United Health Centers.

According to its dark web page, Vice Society claims among its recent victims Lakeland Community College in Ohio, Lewis & Clark College, Eclog International and Berkely Country Schools.

Image: Vice Society